Identity Thieves Hacked Multiple Consumer Data Brokers

According to an extensive investigation by Brian Krebs of KrebsOnSecurity, an organized group of identity thieves who trade in stolen personal information have successfully compromised multiple consumer data brokers, including LexisNexis, Dun & Bradstreet, and Kroll Background America.

The website ssndob[dot]ms has been selling personal information in the Internet black market for several years according to Krebs, including social security numbers, birth records and credit profiles, but until no the origin of the illicit data has been unknown.

Exposure of the operation began earlier this year when hacktivists used the service to collect personal data on numerous celebrities which were then posted online, but the big break in the case came after the identity theft service itself was breached.

“Earlier this summer, SSNDOB was compromised by multiple attackers, its own database plundered. A copy of the SSNDOB database was exhaustively reviewed by KrebsOnSecurity.com,” Krebs reported.

“The database shows that the site’s 1,300 customers have spent hundreds of thousands of dollars looking up SSNs, birthdays, drivers license records, and obtaining unauthorized credit and background reports on more than four million Americans.”

Kreb’s investigation looked into the activity of the identity thieves and the credentials they used, and tied them to a stealthy botnet that was shown to be communicating with the internal networks of the compromised data brokers, pilfering the private data on consumers.

Analysis of the bot malware by Virustotal indicated that “none of the 46 top anti-malware tools on the market today detected it as malicious,” Krebs reports.

“All three victim companies said they are working with federal authorities and third-party forensics firms in the early stages of determining how far the breaches extend, and whether indeed any sensitive information was accessed and exfiltrated from their networks.”